What is SOCKS?

SOCKS is one of the oldest proxy connection protocols, older than web proxys. The most recent implementation, SOCKS5, is still widely used. Many applications let you connect through SOCKS proxys, and for all others there are proxy helpers.

The YF client software lets you set up tunnels using the SOCKS4/SOCKS5 protocol as well, but now there is an alternative if you don't need the YF client just to get connected to our servers: you may directly use SOCKS5 with our servers! However, your SOCKS client application needs to support plaintext user authentication (and most if not all web browsers don't, for example). If it does not support authentication, use the YF client in-between.

In order to directly connect to our servers through SOCKS5, you must be able to reach our servers on one of the many ports they are listening on. Among them is of course port 1080 (the SOCKS default port) and if you are able to use this port we encourage you to use it; however all other ports are fine as well (among them port 80, 443, 21, 22 and many others). If you need any of YF's special abilities to get you connected, you cannot use this method.

Who can use this?

Anyone who has got an account with us. It does not matter whether it is a FreeFreedom, BasicFreedom, EnhancedFreedom or TotalFreedom account -- all of them work, though with their usual limitations of bandwidth and number of connections.

Configure your SOCKS5 capable (SOCKS4 does not work) application to use one of our servers (try "emsXX.your-freedom.de", replace XX with numbers between 01 and 35) on port 1080. Configure your YF username and password as authentication credentials. And that's it!

Is it secure?

The simple answer is: no, it is not secure.

SOCKS5 was designed with a LAN environment (or, more likely, with many beers and the spirit of the seventies) in mind; it does not provide any protection at all. No encryption, not even password protection. Well, that's only half the truth: there is an authentication mechanism called GSSAPI that would actually protect your password, but virtually no-one support it even though it is a requirement. Our servers are (sadly) no exception, though we intend to add it in the future.

But no matter what, SOCKS5 will not encrypt your traffic, nor will it ensure that you are actually connected to the right server. Your applications will have to take care of that. If you are afraid that anyone might spy on you, use the YF client instead, it will protect you!

But should I use it anyway?

If you've got no choice, then you've got no choice. For example, SOCKS5 might be supported by some mobile device that cannot run the YF client and that does not support the PPTP protocol, and you need to make it look like you are connecting from some other country. Or you might be able to configure SOCKS5 in your application but you haven't got permission to configure PPTP or install the YF client (though it actually does not need to be installed, you just need to extract the files).

Or maybe you just don't care and you are more concerned about latency than you are about privacy. In this case, using SOCK5 directly with our servers might be the right thing. Actually, it is very unlikely that anyone is spying on your connection if you reside in a "state of law" and you are using a home DSL connection or anything else that is not shared with others.

Are there any restrictions to what I can do?

Same as with the YF client, no more, no less.

You may send emails through SMTP but you will always get connected to our filtering server. Some of our servers will not allow some types of connections, especially P2P and IRC, for policy reasons.

Right now, there is another limitation but we will soon remove it. You can only set up outbound TCP connections, no inbound TCP connections and no UDP associations. In other words, this is still under development and you should expect some things to just not work yet.